Cybersecurity Risk Analyst IV

United States

Computer Task Group, Inc

CTG is a top digital transformation solutions provider with 55+ years of experience. We don't just deliver transformation—we deliver Transformation Accelerated.


Description

CTG is seeking to fill a Cybersecurity Risk Analyst IV opening for our client in Buffalo, NY.

 

Location: Buffalo, NY

Duration: 12 months

 

Overview:

Supports a Cybersecurity risk management and governance practice focused on Cybersecurity risk assessments, First Line of Defense and controls testing strategy, development and maintenance of Cybersecurity policies and standards, evaluation of Cybersecurity legal and regulatory requirements, development and execution of the Cybersecurity awareness program, and/or development and execution of the Cybersecurity Risk Management Program.

 

Primary Responsibilities:

  • Maintain current knowledge of the Company's Cybersecurity and Risk management policies, standards, and procedures as well as industry best practices and proposed new guidelines and regulations.
  • Identify and evaluate Cybersecurity risk to the business and drive development of strategies to mitigate identified risks based on diverse factors including the organization's overall risk appetite and tolerance.
  • Provide current data for key risk indicators (KRIs) and key performance indicators (KPIs). Present results to risk committees. Review current KRIs and KPIs, recommend enhancements to management and present recommendations to risk committees.
  • Understand and adhere to the Company's risk and regulatory standards, policies, and controls in accordance with the Company's Risk Appetite. Identify risk-related issues needing escalation to management.
  • Promote an environment that supports diversity and reflects the Company brand.
  • Maintain internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
  • Complete other related duties as assigned.

Scope of Responsibilities:

  • This position requires regular interaction with non-management, middle management, certain senior management, and business units and partners. This position also requires occasional interaction with the Chief Information Security Officer.
  • This role is used in one or more of the following ways:
      • Risk Assessment - Design and develop Cybersecurity risk assessments based on subject matter expertise and industry best practices. Execute risk assessments, analyze results, and recommend and implement remediation plans to address defined risks. Present recommendations to area management and various risk committees. Work with other areas of Cybersecurity to define and document controls associated with identified risks.
      • Controls Testing Design - Develop, document, and maintain the Company's Cybersecurity controls testing program and plan. Confirm the program aligns with Cybersecurity policies and standards, Risk Management policies and regulatory requirements.
      • Policy and Standards - Research, recommend, and develop new Cybersecurity policies and standards based on the Company's strategic direction and aligned with legal and regulatory requirements and industry best practices. Present recommendations to area management and various risk committees for approval. Update and enhance existing Cybersecurity policies and standards as needed.
      • Regulatory - Review assigned regulatory notifications to identify impact to the organization. Discuss results with stakeholders and develop recommendations along with associated action plans to address gaps. Summarize results, recommendations, and action plans and present to management and various risk committees. Lead efforts to address action plans.
      • Risk Management Program - Design and develop the Cybersecurity Risk Management program and ensure proper alignment with Company policies and procedures. Analyze program results and recommend enhancements. Present recommendations to area management and various risk committees. Work with other areas of Cybersecurity to define and document key risks and controls.

 

Education and Experience Required:

  • Associate's degree and a minimum of 7 years relevant work experience, or in lieu of a degree, a combined minimum of 9 years higher education and/or work experience, including a minimum of 7 years relevant work experience.
  • Excellent knowledge of Cybersecurity principles relevant to confidentiality, integrity, availability, authentication, and non-repudiation.
  • Proven ability facilitating targeted discussions with peers, line managers and senior management within business unit.
  • Experience conducting research and evaluating information for reliability, validity, objectivity, and relevance.
  • Excellent ability communicating complex information, concepts, or ideas in a confident and well-organized manner through verbal, written and/or visual means.
  • Experience conducting information searches.
  • Excellent ability to discern protection needs (i.e., security controls) of information systems and networks.
  • Proven ability to design and develop effective risk management processes (e.g., methods for assessing and mitigating risk).
  • Experience recognizing vulnerabilities in security systems.
  • Excellent ability designing valid and reliable assessments.
  • Experience conducting knowledge mapping.
  • Experience anticipating new security threats.

Education and Experience Preferred:

  • Bachelor's degree.
  • Certified Information Systems Security Professional (CISSP) or Certified Risk and Information Systems Control (CRISC) certification or Cybersecurity domain-related industry-recognized certification.
  • Knowledge of the organization's risk tolerance and/or risk management approach.
  • Knowledge of organizational security policies.

Excellent verbal and written English communication skills and the ability to interact professionally with a diverse group are required.

 

CTG does not accept unsolicited resumes from headhunters, recruitment agencies, or fee based recruitment services for this role.

 

To Apply:

To be considered, please apply directly to this requisition using the link provided. For additional information, please contact Rebecca Olan at 716-887-7371 or Rebecca.Olan@ctg.com. Kindly forward this to any other interested parties. Thank you!

 

The expected base salary for this position ranges from $105,000 to $160,000. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, market factors, and where applicable, licensure or certifications obtained. In addition to salary, a competitive benefit package is also offered.

Pay Range

USD $105,000.00 - USD $160,000.00 /Yr.

About Us

CTG is a leading provider of digital transformation solutions and services that accelerate clients' project momentum and achievement of their desired IT and business outcomes. Our vision is to be an indispensable partner to our clients and the preferred career destination for digital and technology experts. CTG has operations in North America, South America, Western Europe, and India. For more information, visit www.ctg.com.

Our culture is a direct result of the people who work at CTG, the values we hold, and the actions we take. In other words, our people are the culture. It's a living, breathing thing that is renewed every day through the ways we engage with each other, our clients, and our communities. Part of our mission is to cultivate a workplace that attracts and develops the best people, reflected by our recognition as a Great Place to Work-certified company in every country in which we operate.

CTG will consider for employment all qualified applicants including those with criminal histories in a manner consistent with the requirements of all applicable local, state, and federal laws.

CTG is an Equal Opportunity and Affirmative Action Employer. CTG will assure equal opportunity and consideration to all applicants and employees in recruitment, selection, placement, training, benefits, compensation, promotion, transfer, and release of individuals without regard to race, creed, religion, color, national origin, sex, sexual orientation, gender identity and gender expression, age, disability, marital or veteran status, citizenship status, or any other discriminatory factors as required by law. Our Affirmative Action program serves to promote occupational equality and diversity through good faith efforts. CTG is fully committed to promoting employment opportunities for members of protected classes.


Tags: CISO CISSP CRISC Governance KPIs Risk assessment Risk management Strategy Vulnerabilities

Perks/benefits: Career development Competitive pay

Region: North America
Country: United States